guess vis.pl really *is* part of face control ;-)
---------- Forwarded message ----------
Date: Sat, 4 Feb 2006 04:53:46 +0200
From: support
To: cve at mitre.org
Subject: RE: CVE-2006-0484 (under review) - poblem sovled (Info from Vendor)
RE: CVE-2006-0484 (under review)
Directory traversal vulnerability in Vis.pl, as part of the FACE CONTROL
product, allows remote attackers to read arbitrary files via a .. (dot dot) in any
parameter that opens a file, such as (1) s or (2) p.
The Isue was solved by our program team. All the clients are provided with
proper system updates.
Thank you.
Face Control Program Team